Siobhan Gorman wrote a front-page article “China Tech Giant Under Fire – Congressional Probe Says Huawei Poses National-Security Threat to the U.S” on the front page of The Wall Street Journal of October 8, 2012. The next day, she and Juro Osawa wrote an article with the not-unexpected title of “Huawei Fires Back at the U.S.” A third related Wall Street Journal article appeared on October 10, this time by Spenser E. Ante, with the title “Huawei’s Ally: IBM.” And I’m sure that this is far from the last word on the subject
The first article describes a scathing 52-page document, “Investigative Report on the U.S. National Security Issues Posed by Chinese Telecommunications Companies Huawei and ZTE” by the U.S. House of Representatives Permanent Select Committee on Intelligence, published on October 8, 2012. The report has the following five recommendations:
1. View the penetration of the U.S. telecommunications market by Chinese companies with suspicion
2. Consider the long-term security risks associated with doing business with such companies for equipment or services
3. Investigate unfair trade practices of the Chinese telecommunications sector
4. Exhort Chinese companies to become more open and transparent
5. Consider potential legislation to better address the risk posed by telecommunications companies with nation-state ties
On the surface, these recommendations, though harsh, would appear to make some sense. However, if we dig deeper, we see that the recommendations do not solve the underlying security and dependability problem and may indeed make some situations, such as resiliency and availability, worse. Basically, we need to be testing all software and hardware products used in the critical infrastructure for security and integrity, whether they originate offshore or domestically. Today you cannot be sure of the pedigree or full provenance of any product or service. Why not set up facilities to certify all products to be used in the critical infrastructure, regardless of origin?